[Security Solution][Endpoint] Hide endpoint event filters list in det…

…ections tab (elastic#102644) * Add event filters filter on exception list to hide it in UI * Fixes unit test and added more tests for showEventFilters * fixes test adding showEventFilters test cases * Pass params as js object instead of individual variables Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine · Jun 23, 2021 · c23720e · c23720e
1 parent 6e10c4b
commit c23720e
Show file tree

Hide file tree

Showing 8 changed files with 420 additions and 42 deletions.
diff --git a/packages/kbn-securitysolution-io-ts-list-types/src/typescript_types/index.ts b/packages/kbn-securitysolution-io-ts-list-types/src/typescript_types/index.ts
@@ -42,6 +42,7 @@ export interface UseExceptionListsProps {
   notifications: NotificationsStart;
   pagination?: Pagination;
   showTrustedApps: boolean;
+  showEventFilters: boolean;
 }
 
 export interface UseExceptionListProps {

diff --git a/packages/kbn-securitysolution-list-hooks/src/use_exception_lists/index.ts b/packages/kbn-securitysolution-list-hooks/src/use_exception_lists/index.ts
@@ -28,6 +28,7 @@ export type ReturnExceptionLists = [boolean, ExceptionListSchema[], Pagination,
  * @param namespaceTypes spaces to be searched
  * @param notifications kibana service for displaying toasters
  * @param showTrustedApps boolean - include/exclude trusted app lists
+ * @param showEventFilters boolean - include/exclude event filters lists
  * @param pagination
  *
  */
@@ -43,6 +44,7 @@ export const useExceptionLists = ({
   namespaceTypes,
   notifications,
   showTrustedApps = false,
+  showEventFilters = false,
 }: UseExceptionListsProps): ReturnExceptionLists => {
   const [exceptionLists, setExceptionLists] = useState<ExceptionListSchema[]>([]);
   const [paginationInfo, setPagination] = useState<Pagination>(pagination);
@@ -51,8 +53,9 @@ export const useExceptionLists = ({
 
   const namespaceTypesAsString = useMemo(() => namespaceTypes.join(','), [namespaceTypes]);
   const filters = useMemo(
-    (): string => getFilters(filterOptions, namespaceTypes, showTrustedApps),
-    [namespaceTypes, filterOptions, showTrustedApps]
+    (): string =>
+      getFilters({ filters: filterOptions, namespaceTypes, showTrustedApps, showEventFilters }),
+    [namespaceTypes, filterOptions, showTrustedApps, showEventFilters]
   );
 
   useEffect(() => {

diff --git a/packages/kbn-securitysolution-list-utils/src/get_event_filters_filter/index.test.ts b/packages/kbn-securitysolution-list-utils/src/get_event_filters_filter/index.test.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { getEventFiltersFilter } from '.';
+
+describe('getEventFiltersFilter', () => {
+  test('it returns filter to search for "exception-list" namespace trusted apps', () => {
+    const filter = getEventFiltersFilter(true, ['exception-list']);
+
+    expect(filter).toEqual('(exception-list.attributes.list_id: endpoint_event_filters*)');
+  });
+
+  test('it returns filter to search for "exception-list" and "agnostic" namespace trusted apps', () => {
+    const filter = getEventFiltersFilter(true, ['exception-list', 'exception-list-agnostic']);
+
+    expect(filter).toEqual(
+      '(exception-list.attributes.list_id: endpoint_event_filters* OR exception-list-agnostic.attributes.list_id: endpoint_event_filters*)'
+    );
+  });
+
+  test('it returns filter to exclude "exception-list" namespace trusted apps', () => {
+    const filter = getEventFiltersFilter(false, ['exception-list']);
+
+    expect(filter).toEqual('(not exception-list.attributes.list_id: endpoint_event_filters*)');
+  });
+
+  test('it returns filter to exclude "exception-list" and "agnostic" namespace trusted apps', () => {
+    const filter = getEventFiltersFilter(false, ['exception-list', 'exception-list-agnostic']);
+
+    expect(filter).toEqual(
+      '(not exception-list.attributes.list_id: endpoint_event_filters* AND not exception-list-agnostic.attributes.list_id: endpoint_event_filters*)'
+    );
+  });
+});
diff --git a/packages/kbn-securitysolution-list-utils/src/get_event_filters_filter/index.ts b/packages/kbn-securitysolution-list-utils/src/get_event_filters_filter/index.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { ENDPOINT_EVENT_FILTERS_LIST_ID } from '@kbn/securitysolution-list-constants';
+import { SavedObjectType } from '../types';
+
+export const getEventFiltersFilter = (
+  showEventFilter: boolean,
+  namespaceTypes: SavedObjectType[]
+): string => {
+  if (showEventFilter) {
+    const filters = namespaceTypes.map((namespace) => {
+      return `${namespace}.attributes.list_id: ${ENDPOINT_EVENT_FILTERS_LIST_ID}*`;
+    });
+    return `(${filters.join(' OR ')})`;
+  } else {
+    const filters = namespaceTypes.map((namespace) => {
+      return `not ${namespace}.attributes.list_id: ${ENDPOINT_EVENT_FILTERS_LIST_ID}*`;
+    });
+    return `(${filters.join(' AND ')})`;
+  }
+};